Network Based Attacks 


Objectives 


• Explain how the network can be a source of attack
• Discuss how the attacks work at a high level
• Understand options in prevention


Common Types of Attacks 


• Active attacks - Attacker has ability to see/manipulate real-time traffic
  • Sniffing
  • Eavesdropping
  • Spoofing
  • Denial of service
• Passive attacks - Attacker can read data and use the data for other purposes
  • Stems from sniffing traffic
  • Compromised data


Active attacks - Sniffing 


• What it is: Reading, monitoring, or capturing full packets from a device
• Well-known tools used: Wireshark, tcpdump
• How common: Most network attacks come from someone being able to get into the traffic stream
• Complexity: Very simple, provided you have the ability to actually get into the data stream
• Risk: It's a serious threat; sniffing is non-intrusive


Active attacks - Eavesdropping 


• What it is: Similar to sniffing and may be used in the same manner, but sometimes without full packets; usually synonymous with 1-to-1 communications
• Well-known tools used: Wireshark, tcpdump, ettercap
• How common: Most network attacks are in the form of sniffing; eavesdropping is a form of it
• Complexity: Getting into the data stream can be difficult
• Risk: It's a serious threat. Eavesdropping, if done incorrectly, can result in a noticeable change in the connection, so it's easier to detect


Active attacks - Spoofing 


• What it is: Pretending to be someone/something that you are not, for example ARP spoofing. Typically done with the router/gateway
• Well-known tools used: ettercap
• How common: May only work on non-enterprise systems. Enterprise systems have detection mechanisms
• Complexity: Not complex, because of available software
• Risk: Serious threat because this is more of an active attack. Anything can be spoofed in this type of attack.
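
One way detection of ARP spoofing can work is by tracking IP-to-MAC bindings and alerting when a known address, such as the gateway, is suddenly claimed by a different MAC. The following is an added example, not part of the original slides; the sample ARP replies, the addresses and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_s, sender_ip, sender_mac) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway, first seen binding
    (1.0, "192.0.2.20", "00:00:5e:00:53:14"),
    (2.0, "192.0.2.30", "00:00:5e:00:53:1e"),
    (30.0, "192.0.2.1", "00:00:5e:00:53:1e"),   # gateway IP now claimed by .30's MAC
    (31.0, "192.0.2.1", "00:00:5e:00:53:1e"),   # repeat of the same claim
    (32.0, "192.0.2.20", "00:00:5e:00:53:14"),
]


def detect_arp_spoofing(replies, pinned=None):
    """Return alerts for IP->MAC rebinding and for MACs claiming several IPs.

    pinned: optional {ip: mac} of bindings known in advance (assumed inventory,
    e.g. the gateway). Without it, the first binding seen is trusted.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)

    alerts, reported = [], set()
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        expected = bindings.get(ip)
        if expected is None:
            bindings[ip] = mac                    # learn a new host
        elif expected != mac and (ip, mac) not in reported:
            reported.add((ip, mac))               # alert once per conflicting claim
            alerts.append({"type": "rebinding", "time": ts, "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
        ips_by_mac[mac].add(ip)

    # One MAC answering for several IPs can be legitimate (routers, proxy ARP),
    # so treat this as a lead to investigate rather than proof.
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append({"type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```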


Active attacks - Denial of Service


• What it is: Affects the ability to use resources
• Well-known tools used: HOIC, LOIC, botnets
• How common: Not common due to resource constraints
• Complexity: Very complex for large organizations
• Risk: You lose business because of resource availability


Passive attacks 


• Most passive network attacks stem from previous active attacks
• Attacker uses information obtained via sniffing or eavesdropping for:
  • Password attacks - unencrypted password reuse
  • Replay attacks - using tokens or cookies from traffic stream
  • Use other information obtained against you


Protection 


• If you are an enterprise:
  • Keep up to date on network security patches
  • Utilize enterprise-grade hardware
  • Segment your network
  • Protect network equipment
• If you are a small business or an individual that cannot afford to purchase enterprise-grade hardware:
  • Understand who is on your network
  • Don't allow outsiders to connect to your private networks


